Forum: Ruby on Rails login system - user password being updated

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- und Ruby-related community platforms.
32edf22df6932b252d7be5a1b9b766c9?d=identicon&s=25 Stephen Fagan (railsman)
on 2009-04-26 17:10
I am developing a small site. The login system works fine and I am using
the sha1 hashing alg to hash passwords. I have an admin side that can
enable or disable users. The problem seems to lie in the disable
(destroy) method. When I disable a user, it updates the password to a
new password so when the user is re-enabled, I get an "invalid
username/password" error and I have to reset the password. I cant see
why it is doing this.

My destroy method is :

  def destroy
    @user = User.find(params[:id])
    if @user.update_attribute(:enabled, false)
      flash[:notice] = "User disabled"
      flash[:error] = "There was a problem disabling this user."
    redirect_to :action => 'show'

Anyone any ideas?
32edf22df6932b252d7be5a1b9b766c9?d=identicon&s=25 Stephen Fagan (railsman)
on 2009-04-26 18:04
I ended up kinda working it out. I now just reset the password and email
the link to the user. Not 100% ideal but it works!
5f94b9b346c2aa648a80bc259978e5bc?d=identicon&s=25 Colin Law (Guest)
on 2009-04-26 18:35
(Received via mailing list)
Are you saying that after the update_attribute the password field is
changed?  If so do you have some sort of filter that might be running
changing it?  Possibly you could put debugger traps at each point you
the password and check it is not getting there.  Also have a look in the
to see what sql is being executed and if there are any unexpected write

2009/4/26 Stephen Fagan <>
This topic is locked and can not be replied to.